htaccess Elite

Hire htaccesselite professional

.htaccess tutorial


All times are UTC - 5 hours





Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: Block access to all subfolders
PostPosted: Apr 15th, '08, 03:56 

Joined: Apr 15th, '08, 03:46
Posts: 6
Hello,

I have a question which I can't find the answer to anywhere on the web, but I'm sure it exists!

I have a website, which holds valueable media files in subfolders.

I want to block any access to these (in fact, all subfolders) on the server using .htaccess. The only way i want the media served is via my proxy PHP script so I can validate and record each download.

I am happy to grant access to all files on my parent folder, but want to block any access to subfolders.

Thanks for reading - and please let me know if you have any ideas about how to solve this problem!

Tony


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 9th, '08, 18:29 

Joined: Oct 30th, '06, 13:55
Posts: 89
Yes this is easy, just explain how exactly the php proxy script accesses the files.


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 12th, '08, 07:40 

Joined: Apr 15th, '08, 03:46
Posts: 6
Hi mod,

Thanks for your reply.

The PHP scripts receives an ID.

The script looks up the filename and path from a MySQL DB table.

The php script opens the file and reads the content before outputting it to the browser.

- is that detailed enough? Or do you want code snippets?


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 14th, '08, 22:51 

Joined: Oct 30th, '06, 13:55
Posts: 89
TonyKR wrote:
is that detailed enough? Or do you want code snippets?


Good, but please help me with the following:

  • What is the name of the subfolder you want blocked
  • what is the code you are using (minus any identifiable info) to open and serve the file


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 15th, '08, 02:37 

Joined: Apr 15th, '08, 03:46
Posts: 6
Quote:
header("Content-Type: audio/mp3");
header("Content-Length: " . filesize($filename));
header("Content-Transfer-Encoding: Binary");
header("Content-Disposition: attachment; filename=$nameofrecord.mp3");
header('Pragma: private');
header('Cache-control: private, must-revalidate');

$fh = fopen(trim($filename),'r') or die("error proxying $filename $fh");

while(!feof($fh))
{
echo fgets($fh, 1024);
}
fclose($fh);


I want to block access to EVERY subfolder.
I don't want to name each subfolder because one is created each time a new user is created.

Do you understand?


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 15th, '08, 02:56 

Joined: Feb 28th, '07, 11:16
Posts: 40
Ok gotcha..

I tested this myself since this is such a cool little htaccess trick.

Code:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+)/.*\ HTTP [NC]
RewriteRule .* - [F,L]


This will 403 forbid all direct requests for anything in a subfolder but will allow fopen to access the file.


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 15th, '08, 03:19 

Joined: Apr 15th, '08, 03:46
Posts: 6
htaccess wrote:
Ok gotcha..

I tested this myself since this is such a cool little htaccess trick.

Code:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+)/.*\ HTTP [NC]
RewriteRule .* - [F,L]


This will 403 forbid all direct requests for anything in a subfolder but will allow fopen to access the file.


That is sweet! Works a treat. Thanks a lot.

Slight feature request :) - can we allow PHP files to be served from the sub folders?

or if easier only apply the above rule to certain file type (MP3 in particular).

thanks again!!


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 15th, '08, 06:25 

Joined: Apr 15th, '08, 03:46
Posts: 6
Further Feature Requests:

How about blocking the access to any get requests from a foreign IP address?

i.e. allow all GET requests from the local macine (i.e. the server - so via proxy scripts / flash objects ...) but block anyone trying to download the media from another IP address...

i hate requirements creep, so sorry if this is annoying!


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 15th, '08, 07:03 

Joined: Feb 28th, '07, 11:16
Posts: 40
TonyKR wrote:
How about blocking the access to any get requests from a foreign IP address?


Code:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^.+$ [NC]
RewriteRule .* - [F,L]


There you go. This check isn't based on the IP address though, when php uses fopen it doesn't make a real HTTP request, so this will block everthing except fopen.


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 16th, '08, 04:32 

Joined: Apr 15th, '08, 03:46
Posts: 6
Thanks for that.

I'm going to try to be absolutely specific in my requirements now!

Requests from Server (Local) machine can access all files in any subfolder.

[I forgot to mention previously that some files can be streamed via a Flash player]

Requests from a Client machine can access just the index.php file in each subfolder.

I think I need what you've already done, inconjunction with:
Quote:
Order Deny,Allow
Deny from all
Allow from XXX.XXX.XXX.XXX


But how do I get the above to work with particular file types and requests from all non-local IP addresses!

It sounds complicated - more research needed!


Top
 Profile  
 
 Post subject: Re: Block access to all subfolders
PostPosted: May 16th, '08, 05:51 

Joined: Oct 30th, '06, 13:55
Posts: 89
TonyKR wrote:
Requests from Server (Local) machine can access all files in any subfolder.... I forgot to mention previously that some files can be streamed via a Flash player

Ok the important thing to know is how is whatever accessing the files? using fopen? fsockopen? curl? For the flash player: Is it real streaming using fopen type functions or is the flash player making a HTTP request for the files?

TonyKR wrote:
Requests from a Client machine can access just the index.php file in each subfolder....
But how do I get the above to work with particular file types and requests from all non-local IP addresses!

Ok this code can go in your /.htaccess file. It will deny all requests for any file in a subfolder. However, it will allow all requests for index.php in any folder and it will allow all requests made by a local IP addr (ip address starting with 208.113.183). So this should work for everything except I don't know about the flash player access yet.

Code:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+)/.*\ HTTP [NC]
RewriteCond %{REQUEST_FILENAME} !^.+index\.php$ [NC]
RewriteCond %{REMOTE_HOST} !^208\.113\.183.+$
RewriteRule .* - [F,L]

Check out this setenvif guide.

Also you may want to add
Code:
RewriteCond %{ENV:REDIRECT_STATUS} !200
before the rewriterule, depending on your server, see REDIRECT_STATUS variable article (lets local/internal requests through)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC - 5 hours


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB